Wednesday, April 25, 2007

Report: Attacks using Microsoft Office


NEW YORK (CNNMoney.com) -- A rising number of cyberattacks are taking aim at specific individuals at critical government agencies and corporations using e-mails with corrupted Microsoft Office files, according to a published report.
USA Today reported that opening up one of the corrupted files that is attached to an e-mail relinquishes control of the PC without the user's knowledge. The cyberattacks are targeting federal agencies and defense and nuclear contractors, according to the report.

Security firm MessageLabs says it has been intercepting a series of attacks from PCs in Taiwan and China since November, the paper reports. In early 2006, there were one or two such attacks a week, but by March MessageLabs intercepted 716 e-mails carrying corrupted Office files. They were sent to 216 different agencies and companies, according to the paper.
"The attacks are working," Alan Paller, research director at security think tank The SANS Institute, told the paper. "Penetrations are deep and broad."
The Office file attacks are "very targeted and very limited," Mark Miller, director of security response for Microsoft (Charts, Fortune 500), told the paper.
Microsoft warns of security holes

No comments: